DETAILED ACTION
Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-4, 7, 9-26 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S.
Patent Application No. 2004/0264435 to Chari et al in view of U.S. Patent No. 6,546493 to
Magdych et al.

a. As per claims 1, 15 and 26, Chari et al teaches a method for scanning network devices
connected to a network, comprising: (a) detecting connection of a first network device to the
network (See page 3, paragraph [0058], detecting the client includes detecting a MAC address of
the client, and determining an IP address of the client, when a client device is attached to an
access network, the MAC address of the client device can be detected). However, Chari et al fails
to teach scanning of the first network device in response to detection of the first network device. 

Magdych et al teaches a system, method and computer program product for risk 
assessment scanning based on detected anomalous events. Furthermore, Magdych et al teaches 
scanning of the first network device in response to detection of the first network device (See col.
3, lines 22-67).

It would have been obvious to one with ordinary skill in the art at the time the invention
was made to incorporate scanning of the first network device in response to detection of the first 
network device as taught by Magdych et al in the claimed invention of Chari et al in order to 
scan a source of suspicious network communications (See col. 2, lines 11-13). 

b. As per claim 2, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. Furthermore, Chari et al teaches wherein step (a) further comprises inspecting 
data packets communicated over the network (See page 3, paragraph [0058]). 

c. As per claims 3 and 16, Chari et al in view of Magdych et al teaches the claimed 
invention as described above. Furthermore, Chari et al teaches wherein the detecting step further 
comprises querying a database (See page 4, paragraph [0072]). 

d. As per claim 4, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. Furthermore, Chari et al teaches broadcasting pings on the network, 
continuously examining address resolution protocol tables, continuously monitoring event logs, 
transmitting a Lightweight Directory Access Protocol (LDAP) query, and transmitting a Domain 
Name System query (See page 4, paragraph [0061]). 

e. As per claim 9, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach scanning at least one of a configuration, file, 
data, a software version, a patch, inventory, hardware, and a security vulnerability of the first
network device. 

Magdych et al teaches scanning at least one of a configuration, file, data, a software 
version, a patch, inventory, hardware, and a security vulnerability of the first network device 
(See col. 4, lines 60-67 and col. 5, lines 1-6). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate scanning at least one of a configuration, file, data, a software version, a 
patch, inventory, hardware, and a security vulnerability of the first network device as taught by 
Magdych et al in the claimed invention of Chari et al in order to determine whether the network 
communication exploit a known vulnerability or violate a policy in decision (See col. 5, lines 10- 
16). 

f. As per claim 10, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach wherein step (b) further comprises updating 
at least one of a configuration, file, data, a software version, inventory, and a security 
vulnerability of the first network device. 

Magdych et al teaches updating at least one of a configuration, file, data, a software 
version, inventory, and a security vulnerability of the first network device (See col. 5, lines 45- 
60). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate updating at least one of a configuration, file, data, a software version, 
inventory, and a security vulnerability of the first network device as taught by Magdych et al in 
the claimed invention of Chari et al in order to determine whether the network communication
exploit a known vulnerability or violate a policy in decision (See col. 5, lines 10-16). 

g. As per claim 11, Chari et al in view of Magdych et al teaches the claimed invention as
described above. However, Chari et al fails to teach wherein step (b) further comprises 
comparing at least one security setting of the first network device with a predetermined security 
setting. 

Magdych et al teaches comparing at least one security setting of the first network device 
with a predetermined security setting (See col. 4, lines 57-63). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate comparing at least one security setting of the first network device with a 
predetermined security setting as taught by Magdych et al in the claimed invention of Chari et al 
in order to determine whether the network communication exploit a known vulnerability or 
violate a policy in decision (See col. 5, lines 10-16). 

h. As per claim 12, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach wherein step (b) further comprises at least 
one of installing a software patch on the first network device, installing anti-virus software on the 
first network device, and determining if the first network device is part of a windows domain. 

Magdych et al teaches wherein step (b) further comprises at least one of installing a 
software patch on the first network device, installing anti-virus software on the first network 
device, and determining if the first network device is part of a windows domain (See col. 4, lines
10-28). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate wherein step (b) further comprises at least one of installing a software 
patch on the first network device, installing anti-virus software on the first network device, and
determining if the first network device is part of a windows domain as taught by Magdych et al 
in the claimed invention of Chari et al in order to determine whether the network communication 
exploit a known vulnerability or violate a policy in decision (See col. 5, lines 10-16). 

i. As per claim 13, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach at least one of enabling the first network 
device to have additional access to the network, denying the first network device access to the 
network, notifying another about the first network device based on results of the scan, and 
quarantining the first network device. 

Magdych et al teaches one of enabling the first network device to have additional access 
to the network, denying the first network device access to the network, notifying another about 
the first network device based on results of the scan, and quarantining the first network device 
(See col. 5, lines 1-10). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate at least one of enabling the first network device to have additional 
access to the network, denying the first network device access to the network, notifying another 
about the first network device based on results of the scan, and quarantining the first network 
device as taught by Magdych et al in the claimed invention of Chari et al in order to determine
whether the network communication exploit a known vulnerability or violate a policy in decision 
(See col. 5, lines 10-16). 



j. As per claim 14, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach at least one of setting a security policy on 
the first network device, auditing the security policy of the first network device, ensuring 
compliance with a predetermined security policy, and reporting results. 

Magdych et al teaches at least one of setting a security policy on the first network device, 
auditing the security policy of the first network device, ensuring compliance with a 
predetermined security policy, and reporting results (See col. 5, lines 5-60). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate at least one of setting a security policy on the first network device, 
auditing the security policy of the first network device, ensuring compliance with a 
predetermined security policy, and reporting results as taught by Magdych et al in the claimed 
invention of Chari et al in order to determine whether the network communication exploit a 
known vulnerability or violate a policy in decision (See col. 5, lines 10-16). 

k. As per claim 17, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach wherein the scanning module remotely 
scans the first network device upon detecting data corresponding to the first network device in
the database. 

Magdych et al teaches remotely scanning the first network device upon detecting data 
corresponding to the first network device in the database (See col. 4, lines 57-63). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate remotely scans the first network device upon detecting data 
corresponding to the first network device in the database as taught by Magdych et al in the 
claimed invention of Chari et al in order to determine whether the network communication 
exploit a known vulnerability or violate a policy in decision (See col. 5, lines 10-16). 

l. As per claim 18, Chari et al in view of Magdych et al teaches the claimed invention as
described above. However, Chari et al fails to teach comprising a history database storing scan 
results of a scan performed by the scanning module. 

Magdych et al teaches a history database storing scan results of a scan performed by the 
scanning module (See col. 4, lines 57-63).

It would have been obvious to one with ordinary skill in the art at the time the 
invention was made to incorporate a history database storing scan results of a scan performed by 
the scanning module as taught by Magdych et al in the claimed invention of Chari et al in order 
to determine whether the network communication exploit a known vulnerability or violate a 
policy in decision (See col. 5, lines 10-16). 

m. As per claim 19, Chari et al in view of Magdych et al teaches the claimed invention as
described above. However, Chari et al fails to teach wherein the scanning module can at least 
one of enable the first network device to have additional access to the network, deny the first 
network device access from the network, notify another about the first network device based on 
results of the scan, and quarantine the first network device. 

Magdych et al teaches wherein the scanning module can at least one of enable the first 
network device to have additional access to the network, deny the first network device access 
from the network, notify another about the first network device based on results of the scan, and 
quarantine the first network device (See col. 5, lines 1-12). 

It would have been obvious to one with ordinary skill in the art at the time the 
invention was made to incorporate wherein the scanning module can at least one of enable the 
first network device to have additional access to the network, deny the first network device 
access from the network, notify another about the first network device based on results of the 
scan, and quarantine the first network device as taught by Magdych et al in the claimed invention 
of Chari et al in order to determine whether the network communication exploit a known 
vulnerability or violate a policy in decision (See col. 5, lines 10-16). 

n. As per claim 20, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach a security policy management module, for at 
least one of setting a security policy on the first network device, auditing the security policy of 
the first network device, ensuring compliance with a predetermined security policy, and 
reporting results. 

Magdych et al teaches a security policy management module for at least one of setting a
security policy on the first network device, auditing the security policy of the first network
device, ensuring compliance with a predetermined security policy, and reporting results (See col.
5, lines 1-12).

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate a security policy management module for at least one of setting a 
security policy on the first network device, auditing the security policy of the first network 
device, ensuring compliance with a predetermined security policy, and reporting results as taught 
by Magdych et al in the claimed invention of Chari et al in order to determine whether the 
network communication exploit a known vulnerability or violate a policy in decision (See col. 5, 
lines 10-16). 

o. As per claim 21, Chari et al teaches a method for examining a first network device 
connected to a network, comprising: (a) querying a database for data representing connection of 
network devices to a network (See page 4, paragraph [0060]); (b) determining connection of a 
first network device to the network by locating data about the first network device in the 
database (See page 4, paragraph [0060]); (c) determining properties associated with the first
network device to determine the identity of the first network device (See page 3, paragraph
[0058]). However, Chari et al fails to teach (d) determining items to scan based on at least one
of the properties; and (e) performing remote scanning of the first network device in response to 
the determination of the connection of the first network device to the network. 

Magdych et al teaches determining items to scan based on at least one of the properties;
and (e) performing remote scanning of the first network device in response to the determination
of the connection of the first network device to the network (See col. 3, lines 22-67). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate determining items to scan based on at least one of the properties; and 
(e) performing remote scanning of the first network device in response to the determination of 
the connection of the first network device to the network as taught by Magdych et al in the 
claimed invention of Chari et al in order to scan a source of suspicious network communications 
(See col. 2, lines 11-13). 

p. As per claim 22, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. Furthermore, Chari et al teaches wherein step (c) further comprises 
determining at least one of credentials associated with the first network device and type of the 
first network device (See page 4, paragraph [0059-0061]). 

q. As per claim 23, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. Furthermore, Chari et al teaches wherein step (c) further comprises at least one 
of querying a database where the identity has already been determined, examining network 
traffic, analyzing network behavior, probing the device for signature responses, and logging into 
the device to query data (See page 4, paragraph [0060]). 

r. As per claim 24, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach wherein step (e) further comprises selecting
a set of security policy settings to audit. 

Magdych et al teaches selecting a set of security policy settings to audit (See col. 4, lines 
58-67 and col. 5, lines 1-12). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate selecting a set of security policy settings to audit as taught by Magdych 
et al in the claimed invention of Chari et al in order to determine whether the network 
communication exploit a known vulnerability or violate a policy in decision (See col. 5, lines 10- 
16). 

s. As per claim 25, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach comprising at least one of allowing the first 
network device to have additional access to the network, denying access to the network, 
notifying another about the first network device based on results of the remote scanning, and 
quarantining the first network device. 

Magdych et al teaches at least one of allowing the first network device to have 
additional access to the network, denying access to the network, notifying another about the first 
network device based on results of the remote scanning, and quarantining the first network 
device (See col. 4, lines 58-65 and col. 5, lines 1-12).

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate in order to determine whether the network communication exploit a 
known vulnerability or violate a policy in decision (See col. 5, lines 10-16). 

3. Claims 5-6, 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Patent
Application No. 2004/0264435 to Chari et al in view of U.S. Patent No. 6,546493 to Magdych
et al as applied to claim 1 above, and further in view of U.S. Patent Application No.
2001/0047401 to Moore et al.

a. As per claim 5, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al in view of Magdych et al fails to teach wherein step (b) 
further comprises determining at least one of whether the first network device is plugged into a 
wall socket, whether the first network device is connecting to the network via wireless access, 
and whether the first network device is connecting to the network via a Virtual Private Network. 

Moore et al teaches a system and methods for determining the physical location of a 
computer's network interface. Furthermore, Moore et al teaches determining at least one of 
whether the first network device is plugged into a wall socket, whether the first network device is 
connecting to the network via wireless access, and whether the first network device is connecting 
to the network via a Virtual Private Network (See page 9, paragraph [0111]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate determining at least one of whether the first network device is plugged 
into a wall socket, whether the first network device is connecting to the network via wireless 
access, and whether the first network device is connecting to the network via a Virtual Private 
Network as taught by Moore et al in the claimed invention of Chari et al in view of Magdych et
al in order to determine the connectivity type of the networks (See page 9, paragraph [0112]).

b. As per claim 6, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al in view of Magdych et al fails to teach wherein step (b) 
further comprises determining a property of the first network device. 

Moore et al teaches wherein step (b) further comprises determining a property of the first 
network device (See page 9, paragraph [0111]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate wherein step (b) further comprises determining a property of the first 
network device as taught by Moore et al in the claimed invention of Chari et al in view of 
Magdych et al in order to determine the connectivity type of the networks (See page 9, paragraph 
[0112]). 

c. As per claim 7, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al in view of Magdych et al fails to teach wherein step (b) 
further comprises determining identity of the first network device. 

Moore et al teaches wherein step (b) further comprises determining identity of the first 
network device (See page 9, paragraph [0111]).

It would have been obvious to one with ordinary skill in the art at the time the invention
was made to incorporate wherein step (b) further comprises determining identity of the first 
network device as taught by Moore et al in the claimed invention of Chari et al in view of 
Magdych et al in order to determine the connectivity type of the networks (See page 9, paragraph
[0112]). 

d. As per claim 8, Chari et al in view of Magdych et al teaches the claimed invention as 
described above. However, Chari et al fails to teach wherein the determining of the identity of 
the first network device further comprises at least one of querying a database where the type has 
been determined, examining network traffic, analyzing network behavior, probing the first 
network device for signature responses, attempting to log into the device using a series of 
protocols, logging into the first network device and querying data within the device. 

Magdych et al teaches wherein the determining of the identity of the first network device 
further comprises at least one of querying a database where the type has been determined, 
examining network traffic, analyzing network behavior, probing the first network device for 
signature responses, attempting to log into the device using a series of protocols, logging into the 
first network device and querying data within the device (See col. 4, lines 58-62). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate wherein the determining of the identity of the first network device 
further comprises at least one of querying a database where the type has been determined, 
examining network traffic, analyzing network behavior, probing the first network device for 
signature responses, attempting to log into the device using a series of protocols, logging into the 
first network device and querying data within the device as taught by Magdych et al in the 
claimed invention of Chari et al in order to scan a source of suspicious network
communications (See col. 2, lines 11-13).

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

U.S. Patent Application No. 2002/0046260 to Day II teaches a network management 
service for facilitating the management of networked devices. 

U.S. Patent Application No. 2003/0212779 to Boyter et al teaches a system and method 
for network security scanning. 

U.S. Patent No. 6,324656 to Gleichauf et al teaches a system and method for rules driven 
multi-phase network vulnerability assessment. 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Djenane M. Bayard whose telephone number is (571) 272-3878. 
The examiner can normally be reached on Monday-Friday, 5:30 AM-3:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Djenane Bayard 
Patent Examiner 